Accessing registry and files

Posted on July 25, 2006

Registry:

IoOpenDeviceRegistryKey
IoOpenDeviceInterfaceRegistryKey

ZwOpenKey
ZwClose
ZwQueryValueKey
ZwSetValueKey
RtlDeleteRegistryValue

File:

Must running at PASSIVE_LEVEL

ZwCreateFile
ZwClose
ZwReadFile
ZwWriteFile

This entry was posted in Windows Kernel. Bookmark the permalink.